This module sends HTTP requests with incomplete headers, which prevents the Apache server from accepting connections from legitimate clients. When the module is stopped, the server continues working normally.
Active Directory, which is an essential component of the Windows 2000 architecture, presents organizations with a directory service designed for distributed computing environments. Active Directory allows organizations to centrally manage and share information on network resources and users while acting as the central authority for network security. The directory services provided by Active Directory are based on the Lightweight Directory Access Protocol (LDAP), and thus Active Directory objects can be stored and retrieved using the LDAP protocol. A vulnerability in Active Directory allows an attacker to crash and force a reboot of any Windows 2000 Server running the Active Directory service. The vulnerability can be triggered when an LDAP version 3 search request with many Base "Distinguished name" statements is sent to the server, resulting in a heap overflow and subsequent crash of the Lsass.exe service. This, in turn, forces a domain controller to stop responding, making a denial-of-service attack against it possible. The LDAP request does not need to be authenticated. The possibility of exploiting this vulnerability to execute arbitrary code on a vulnerable server has not been proven but has not been ruled out.
Active Directory, which is an essential component of the Windows 2000 architecture, presents organizations with a directory service designed for distributed computing environments. Active Directory allows organizations to centrally manage and share information on network resources and users while acting as the central authority for network security. The directory services provided by Active Directory are based on the Lightweight Directory Access Protocol (LDAP), and thus Active Directory objects can be stored and retrieved using the LDAP protocol. A vulnerability in Active Directory allows an attacker to crash and force a reboot of any Windows 2000 Server running the Active Directory service. The vulnerability can be triggered when an LDAP version 3 search request with more than 1000 "AND" statements is sent to the server, resulting in a stack overflow and subsequent crash of the Lsass.exe service. This, in turn, forces a domain controller to stop responding, making a denial-of-service attack against it possible. The LDAP request does not need to be authenticated. The possibility of exploiting this vulnerability to execute arbitrary code on a vulnerable server has not been proven but has not been ruled out.
ZipWrangler contains a buffer prone to exploitation via an overly long string. The vulnerability is caused by a boundary error in ZipWrangler when handling .ZIP files. This can be exploited to cause a stack-based buffer overflow via a specially crafted .ZIP file. This module runs a malicious web server on the Core Impact Console and waits for an unsuspecting user to trigger the exploit by connecting to it.
The vulnerability is caused by a boundary error in the handling of .PLS files. This can be exploited to cause a stack-based buffer overflow via a specially crafted .PLS file. This module runs a malicious web server on the Core Impact Console and waits for an unsuspecting user to trigger the exploit by connecting to it.
This module exploits a vulnerability in the sasatl.dll control included in the Zenturi ProgramChecker ActiveX application. The exploit is triggered when the DebugMsgLog() method processes a long string argument, resulting in a stack-based buffer overflow. This module runs a malicious web site on the Core Impact Console and waits for an unsuspecting user to trigger the exploit by connecting to the web site. This module runs a web server waiting for vulnerable clients (Internet Explorer) to connect to it. When the client connects, it will try to install an agent by exploiting this vulnerability.
This update adds support for Windows Vista. This module exploits a vulnerability in the Yahoo Messenger Webcam 8.1 ActiveX Control (ywcvwr.dll). When the Receive() method processes a long string argument, a stack-based buffer overflow occurs, allowing execution of arbitrary code. This exploit is triggered when an unsuspecting user is lured into visiting a malicious web site hosted by Core Impact. This module runs a web server waiting for vulnerable clients (Internet Explorer) to connect to it. When the client connects, it will try to install an agent by exploiting this vulnerability.